Romania’s national oil pipeline operator Conpet S.A. has confirmed that threat actors stole company data during a cyberattack in early February 2026. The company said the intrusion affected its corporate information technology systems but did not disrupt pipeline transport operations. Investigators from Romania’s National Cyber Security Directorate (DNSC) are working with Conpet to assess the scope of the incident.
Conpet said the attack involved unauthorized access to its internal systems and that data exfiltration occurred. The company could not specify the amount or types of data taken because the investigation was ongoing. Conpet warned that the compromised information could be exploited for fraudulent activity and advised individuals who may be affected to be cautious of unsolicited contact asking for personal or financial details.
The Qilin ransomware group has publicly claimed responsibility for the attack, posting samples of allegedly stolen internal documents to a dark website. The group’s leak includes images it says were taken from Conpet’s systems, purportedly showing financial and identity records. Qilin published these materials as proof of the breach.
Some of the leaked documents bear markers suggesting they include confidential internal information dated as recently as late 2025, and personal data such as names, postal addresses, identification numbers, and bank account information. Conpet has not confirmed details about the specific documents taken, saying only that it is investigating the incident.
Conpet’s corporate website and business systems were offline for a time after the intrusion as the company implemented containment measures and investigated the breach. Operational systems that manage oil pipeline flows, including supervisory control and data acquisition and other operational technology, continued to function and were not reported as compromised. As a result, the transport of crude oil and petroleum products through the national pipeline network was maintained without interruption.
The company filed a criminal complaint with Romania’s Directorate for Investigating Organised Crime and Terrorism (DIICOT), and said it activated internal mitigation processes immediately after detecting the intrusion. Conpet’s statement emphasised that it was cooperating with authorities to restore affected services and evaluate the impact of the breach.
The attack on Conpet follows a pattern of cyber incidents affecting Romanian infrastructure and utilities. In December 2025, ransomware attacks targeted the national water management authority and Romania’s largest coal-based energy producer, Oltenia Energy Complex, disrupting aspects of their IT operations. The Conpet breach highlights continued interest by criminal groups in targeting critical infrastructure sectors even where physical operations remain intact.
Conpet has advised customers and partners to monitor for suspicious communications and report any concerns to the appropriate authorities. Formal updates on the volume of stolen data and details of the investigation were expected as authorities and the company complete forensic analysis